ws-dd-comment message



Subject: WS-DD 1.1 2009/01


Below are comments on the Web Services Dynamic Discovery (WS-Discovery) Version 1.1 Public Review Draft 01 28 January 2009.

 

Section 8.2 Compact Signature Format:

The SignedInfo element in the example expanded compact signature in Table 14 is not in XML-C14N canonical form.  Specifically, it does not contain end tags for elements that only have attributes and no value.  I believe this is misleading for someone trying to correctly create the string to sign.  I think that the example should be in canonicalized form, or at a minimum there should be a note that states that it is not in canonicalized form.  Below I have inserted what I believe to be the correct form.

Table 14 canonicalized:

<ds:Signature
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" >
<ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod><ds:Reference URI="#ID1"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="i" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>ODE3NDkyNzI5</ds:DigestValue></ds:Reference></ds:SignedInfo>
  <ds:SignatureValue>ru5Ef76xGz5Y5IB2iAzDuMvR5Tg=</ds:SignatureValue>
  <ds:KeyInfo>
    <wsse:SecurityTokenReference>
      <wsse:KeyIdentifier>Dx42/9g=</wsse:KeyIdentifier>
    </wsse:SecurityTokenReference>
  </ds:KeyInfo>
</ds:Signature>

 

 

======================

Jay Treptow

jay@treptows.net

======================
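
The empty-element point raised in the message above, as an added example that is not part of the original message or of the WS-Discovery specification: the octets of a SignedInfo written with self-closing tags differ from its canonical octets, so a digest taken over the printed form does not match what a verifier computes. Assumptions: the SignedInfo is a constructed, shortened version of Table 14, and Python's standard-library `canonicalize` (C14N 2.0) stands in for Exclusive C14N, with which it shares the rule that empty elements become start/end tag pairs.

```python
import hashlib
from xml.etree.ElementTree import canonicalize

DS = "http://www.w3.org/2000/09/xmldsig#"
EXC = "http://www.w3.org/2001/10/xml-exc-c14n#"

# Constructed sample: a shortened SignedInfo written the way a spec table
# would typically print it, with self-closing tags for empty elements.
AS_PRINTED = (
    f'<ds:SignedInfo xmlns:ds="{DS}">'
    f'<ds:CanonicalizationMethod Algorithm="{EXC}"/>'
    f'<ds:SignatureMethod Algorithm="{DS}rsa-sha1"/>'
    f'<ds:Reference URI="#ID1">'
    f'<ds:DigestMethod Algorithm="{DS}sha1"/>'
    f'<ds:DigestValue>ODE3NDkyNzI5</ds:DigestValue>'
    f'</ds:Reference></ds:SignedInfo>'
)


def octets_to_sign(xml_text: str) -> bytes:
    """Canonicalize SignedInfo and return the UTF-8 octets a signer would hash."""
    return canonicalize(xml_text).encode("utf-8")


def sha1_hex(data: bytes) -> str:
    """SHA-1 is used only because the example signature method is rsa-sha1."""
    return hashlib.sha1(data).hexdigest()


def compare(xml_text: str) -> dict:
    """Contrast the text as printed with its canonical form."""
    printed = xml_text.encode("utf-8")
    canonical = octets_to_sign(xml_text)
    return {
        "self_closing_tags_as_printed": printed.count(b"/>"),
        "self_closing_tags_after_c14n": canonical.count(b"/>"),
        "same_octets": printed == canonical,
        "printed_sha1": sha1_hex(printed),
        "canonical_sha1": sha1_hex(canonical),
    }


if __name__ == "__main__":
    print(octets_to_sign(AS_PRINTED).decode("utf-8"))
    for key, value in compare(AS_PRINTED).items():
        print(f"{key}: {value}")
```
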

 


